Closed prateek105 closed 2 weeks ago
Compiler warnings that would be great to clean up
Slither output:
Timelock._addCalldataCheck(address,bytes4,uint16,uint16,bytes[],bool[]) (src/Timelock.sol#994-1083) ignores return value by indexes[indexLength].dataHashes.add(dataHash) (src/Timelock.sol#1073)
Timelock._removeCalldataCheck(address,bytes4,uint256) (src/Timelock.sol#1124-1167) ignores return value by indexCheck.dataHashes.remove(removedDataHashes[i]) (src/Timelock.sol#1146)
Timelock._removeCalldataCheck(address,bytes4,uint256) (src/Timelock.sol#1124-1167) ignores return value by indexCheck.dataHashes.add(dataHashes[i_scope_0]) (src/Timelock.sol#1154)
Timelock._removeCalldataCheck(address,bytes4,uint256) (src/Timelock.sol#1124-1167) ignores return value by lastIndexCheck.dataHashes.remove(dataHashes[i_scope_0]) (src/Timelock.sol#1155)
Timelock._removeAllCalldataChecks(address,bytes4) (src/Timelock.sol#1176-1210) ignores return value by removedCalldataCheck.dataHashes.remove(dataHashes[i]) (src/Timelock.sol#1202)
All of these locations should check the return value and assert the value is true.
Slither output:
Timelock._addCalldataCheck(address,bytes4,uint16,uint16,bytes[],bool[]) (src/Timelock.sol#994-1083) ignores return value by indexes[indexLength].dataHashes.add(dataHash) (src/Timelock.sol#1073) Timelock._removeCalldataCheck(address,bytes4,uint256) (src/Timelock.sol#1124-1167) ignores return value by indexCheck.dataHashes.remove(removedDataHashes[i]) (src/Timelock.sol#1146) Timelock._removeCalldataCheck(address,bytes4,uint256) (src/Timelock.sol#1124-1167) ignores return value by indexCheck.dataHashes.add(dataHashes[i_scope_0]) (src/Timelock.sol#1154) Timelock._removeCalldataCheck(address,bytes4,uint256) (src/Timelock.sol#1124-1167) ignores return value by lastIndexCheck.dataHashes.remove(dataHashes[i_scope_0]) (src/Timelock.sol#1155) Timelock._removeAllCalldataChecks(address,bytes4) (src/Timelock.sol#1176-1210) ignores return value by removedCalldataCheck.dataHashes.remove(dataHashes[i]) (src/Timelock.sol#1202)
All of these locations should check the return value and assert the value is true.
Please try re-running slither and seeing if these issues are gone.
Please try re-running slither and seeing if these issues are gone.
Checked. These issues are gone.
Slither output in red and yellow colour:
Dangerous calls:
- require(bool,string)(receiver.send(payment),GS011) (lib/safe-smart-account/contracts/Safe.sol#243)
Timelock._execute(address,uint256,bytes) (src/Timelock.sol#980-985) sends eth to arbitrary user
Dangerous calls:
- (success) = target.call{value: value}(data) (src/Timelock.sol#983)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#functions-that-send-ether-to-arbitrary-destinations
IERC165 is re-used:
- IERC165 (lib/openzeppelin-contracts/contracts/utils/introspection/IERC165.sol#15-25)
- IERC165 (lib/safe-smart-account/contracts/interfaces/IERC165.sol#5-15)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#name-reused
Reentrancy in Timelock.execute(address,uint256,bytes,bytes32) (src/Timelock.sol#601-621):
External calls:
- _execute(target,value,payload) (src/Timelock.sol#614)
- (success) = target.call{value: value}(data) (src/Timelock.sol#983)
State variables written after the call(s):
- _afterCall(id) (src/Timelock.sol#620)
- timestamps[id] = _DONE_TIMESTAMP (src/Timelock.sol#973)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities
Timelock.isOperationDone(bytes32) (src/Timelock.sol#422-424) uses a dangerous strict equality:
- timestamps[id] == _DONE_TIMESTAMP (src/Timelock.sol#423)
ConfigurablePauseGuardian.paused() (src/ConfigurablePauseGuardian.sol#76-80) uses a dangerous strict equality:
- pauseStartTime == 0 (src/ConfigurablePauseGuardian.sol#77-79)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
AccessControlEnumerable._grantRole(bytes32,address) (lib/openzeppelin-contracts/contracts/access/extensions/AccessControlEnumerable.sol#64-70) ignores return value by _roleMembers[role].add(account) (lib/openzeppelin-contracts/contracts/access/extensions/AccessControlEnumerable.sol#67)
AccessControlEnumerable._revokeRole(bytes32,address) (lib/openzeppelin-contracts/contracts/access/extensions/AccessControlEnumerable.sol#75-81) ignores return value by _roleMembers[role].remove(account) (lib/openzeppelin-contracts/contracts/access/extensions/AccessControlEnumerable.sol#78)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
Timelock
coverage is 100% for lines, functions and statements. 97% for branches, only the branches where assert has been added for formal verification are missing.Used following command for running coverage:
forge coverage -vv --fork-url https://eth-mainnet.g.alchemy.com/v2/<key>